Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 4697 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering Profiles - AD groups not picked up

StephenWeber
I'm running an Astaro 120 with Full Guard on 8.201.

All of the Workstations have the Astaro Authentication Agent installed.

I created 4 Groups and setup the Back-end Active Directory and limited it to each matching group in AD.

Under Web Filtering Profiles I setup my Actions and Filters.  In the Filters I added the Groups to each filter.

Then under Proxy Profile I Added the Network and the Filters.  Selected Transparent and Agent Authentication.

When testing a user the Astaro sees the groups they belong too.  However the Web Log shows that it isn't matching the Users to the correct filter and fails them over to the Default Fail-over Filter action.

If I manually add the users or create static groups it works fine.  It just doesn't work with the Back-end Active Directory.

Any ideas????


This thread was automatically locked due to age.
Parents
  • 0
    Scott, I haven't played with it yet, so I'll take your word for it, but...

    "Unresolved" - really?  Then how can it be used in Packet Filter rules?

    In Proxy Profiles, I didn't mean to use the "User Network" object in the Filter Assignment, but in 'Allowed networks' in the 'Proxy Profile'.  Again, if AAA isn't resolving the "User Network" object, then that wouldn't work, either...

    Correction: See post #3 above. Using AAA, the "User Network" object doesn't work as a selector in 'Allowed networks' in a Profile.  The announcement and the documentation indicate, specifically, that this was intended to work, but, as of 10-Mar-2012, it still does not.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Scott, I haven't played with it yet, so I'll take your word for it, but...

    "Unresolved" - really?  Then how can it be used in Packet Filter rules?

    In Proxy Profiles, I didn't mean to use the "User Network" object in the Filter Assignment, but in 'Allowed networks' in the 'Proxy Profile'.  Again, if AAA isn't resolving the "User Network" object, then that wouldn't work, either...

    Correction: See post #3 above. Using AAA, the "User Network" object doesn't work as a selector in 'Allowed networks' in a Profile.  The announcement and the documentation indicate, specifically, that this was intended to work, but, as of 10-Mar-2012, it still does not.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Cookie Information Banner